Re: TSL 1.2
Posted by: km2
Date: September 29, 2011 03:59PM

So, I leave only these

ecdhe_ecdsa_rc4
ecdhe_rsa_rc4
ecdh_ecdsa_rc4
ecdh_rsa_rc4

Is it ok? ..

Re: TSL 1.2
Posted by: margarita
Date: September 29, 2011 05:01PM

Quote
km2
So, I leave only these
ecdhe_ecdsa_rc4
ecdhe_rsa_rc4
ecdh_ecdsa_rc4
ecdh_rsa_rc4
Is it ok? ..

Yes, it's ok. These are the only algorithms that I have left set to "true" and the https sites work like a charm. I have also set SSL3 to "false", as you suggested in a former post, to enable only the TLS 1.0 connection mode.
o.O

Re: TSL 1.2 Hackers break SSL encryption used by millions of sites
Posted by: margarita
Date: September 29, 2011 05:21PM

Quote
gordon451
@margarita - Ummm... No.
OTOH, there is force_tls-3.0.0-fx.xpi which ATM only fits FF, but can be hacked to work with KM. Trouble is, I don't know how. :(
Gordon.

I was very curious about the Force TLS extension, but I prefer the way the HTTPS Finder extension works, with its dual mode "HEAD/GET page https requests" for slow modem compatibility. A very useful choice to get major passive security.

https://addons.mozilla.org/en-US/firefox/addon/https-finder/

This extension, like Force TLS, does not solve the CBC problem; it only gets access to the https:// version of the webpage requested by the user.
o.O

Re: TSL 1.2 Hackers break SSL encryption used by millions of sites
Posted by: JamesD
Date: September 30, 2011 01:48AM

I have put together a faster method of managing the keys and protocols than using configuration and preferences. You can get the macro at: http://dl.dropbox.com/u/1522294/MgrTransCrypt.7z

The menu is under TOOLS - PRIVACY - PERMISSIONS. I arbitrarily split the keys into groups. I claim no special knowledge of the keys for this splitting. The macro changes all keys in a group to ON or OFF. If you individually set keys, then this might not work for you. The check mark in the menu comes from the first key in my arbitrary group. Only the keys set to true by default are included in the macro.

Comments and suggestions are always welcome.

Re: TSL 1.2 Hackers break SSL encryption used by millions of sites
Posted by: ndebord
Date: September 30, 2011 02:19AM

Quote
JamesD
I have put together a faster method of managing the keys and protocols than using configuration and preferences. You can get the macro at: http://dl.dropbox.com/u/1522294/MgrTransCrypt.7z

The menu is under TOOLS - PRIVACY - PERMISSIONS. I arbitrarily split the keys into groups. I claim no special knowledge of the keys for this splitting. The macro changes all keys in a group to ON or OFF. If you individually set keys, then this might not work for you. The check mark in the menu comes from the first key in my arbitrary group. Only the keys set to true by default are included in the macro.

Comments and suggestions are always welcome.

JamesD,

Much appreciated. I went through them one by one but was more than a little worried about which ones to toggle or not.

We should find a way to double-check to make sure we are doing the right thing. Meanwhile, Mozilla is talking about disabling Java altogether (not that they will actually do it, just want to light a fire under Oracle).

N

Re: TSL 1.2 Hackers break SSL encryption used by millions of sites
Posted by: guenter
Date: September 30, 2011 05:05AM

Quote
ndebord
Meanwhile, Mozilla is talking about disabling Java altogether.


That will be the day when I stop using a Mozilla based browser

Re: TSL 1.2 Hackers break SSL encryption used by millions of sites
Posted by: ndebord
Date: September 30, 2011 07:00AM

Quote
guenter
Quote
ndebord
Meanwhile, Mozilla is talking about disabling Java altogether.


That will be the day when I stop using a Mozilla based browser

guenter,

Even though the powers that be are making it clear that they really only want to support Firefox?

<wry grin>

N

Re: TSL 1.2 Hackers break SSL encryption used by millions of sites
Posted by: ndebord
Date: September 30, 2011 07:06AM

Quote
JamesD
I have put together a faster method of managing the keys and protocols than using configuration and preferences. You can get the macro at: http://dl.dropbox.com/u/1522294/MgrTransCrypt.7z

The menu is under TOOLS - PRIVACY - PERMISSIONS. I arbitrarily split the keys into groups. I claim no special knowledge of the keys for this splitting. The macro changes all keys in a group to ON or OFF. If you individually set keys, then this might not work for you. The check mark in the menu comes from the first key in my arbitrary group. Only the keys set to true by default are included in the macro.

Comments and suggestions are always welcome.

JamesD,

Loaded it up, but don't see it under tools, privacy, permissions? Where should I find it exactly? Tks.

P.S. Scratch that... for whatever reason it did not load up with KEIH, but manually placing the macro in the macros subfolder worked, so...

Now about the settings. Am I wrong to disallow everything except TLS and in the TLS only to allow this one:


TLS with RC4


Tks.

N



Edited 1 time(s). Last edit at 09/30/2011 07:14AM by ndebord.

Re: TSL 1.2 Hackers break SSL encryption used by millions of sites
Posted by: JamesD
Date: September 30, 2011 09:47AM

@ ndebord

Sorry, I did not make it an extension.

I think protocol TLS and RC4 keys is supposed to be safe. Actually with just the RC4 key, it might be safe to use both protocols. If you don't get a https connection with just one, it only takes three clicks on the menu and you add a protocol or a set of keys. You can then force reload the page and see if you get a good connection.

Re: TSL 1.2 Hackers break SSL encryption used by millions of sites
Posted by: ndebord
Date: September 30, 2011 09:53AM

Quote
JamesD
@ ndebord

Sorry, I did not make it an extension.

I think protocol TLS and RC4 keys is supposed to be safe. Actually with just the RC4 key, it might be safe to use both protocols. If you don't get a https connection with just one, it only takes three clicks on the menu and you add a protocol or a set of keys. You can then force reload the page and see if you get a good connection.

JamesD,

Thanks, right now I'm using just the one... If I read your post correctly, your macro will automatically add additional keys as needed by clicking three times on the menu (shades of Wizard of Oz!!!) <VBG>

N

Re: TSL 1.2
Posted by: km2
Date: September 30, 2011 05:05PM

@ margarita,

Cheers!

Re: TSL 1.2
Posted by: JamesD
Date: September 30, 2011 07:04PM

Quote
ndebord
Thanks, right now I'm using just the one... If I read your post correctly, your macro will automatically add additional keys as needed by clicking three times on the menu (shades of Wizard of Oz!!!) <VBG>

Actually I was wrong. The "Manage Encrypted Transmissions" is three menus deep under TOOLS. However you only have to click on TOOLS. Just sliding the mouse will allow you to get to PRIVACY, PERMISSIONS, and MANAGE ENCRYPTED TRANSMISSIONS. So your second click can either enable or disable a protocol or a group of keys. So it is really just two clicks.

By the way, if you have done some changes previously using configuration, then enabling and disabling, or disabling and enabling a group of keys will synchronize all the keys in the group. This is just in case you had some keys in a group set differently. The check-mark for each group is managed by the first key in that group.

Re: TSL 1.2
Posted by: ndebord
Date: September 30, 2011 09:29PM

Quote
JamesD
Quote
ndebord
Thanks, right now I'm using just the one... If I read your post correctly, your macro will automatically add additional keys as needed by clicking three times on the menu (shades of Wizard of Oz!!!) <VBG>

Actually I was wrong. The "Manage Encrypted Transmissions" is three menus deep under TOOLS. However you only have to click on TOOLS. Just sliding the mouse will allow you to get to PRIVACY, PERMISSIONS, and MANAGE ENCRYPTED TRANSMISSIONS. So your second click can either enable or disable a protocol or a group of keys. So it is really just two clicks.

By the way, if you have done some changes previously using configuration, then enabling and disabling, or disabling and enabling a group of keys will synchronize all the keys in the group. This is just in case you had some keys in a group set differently. The check-mark for each group is managed by the first key in that group.

JamesD,

Saw that, as I had done some manual tweaking (sweating all the way). So far, so good with just enabling TLS with RC4... works so won't enable any of the others, unless somebody here says I got it wrong! <g>

N

Re: TSL 1.2
Posted by: margarita
Date: September 30, 2011 09:48PM

Quote
km2
@ margarita,
Cheers!

Thank you very much :) :) :)
o.O

Re: TSL 1.2
Posted by: km2
Date: October 01, 2011 03:07AM

... :)

Re: TSL 1.2
Posted by: jmillar
Date: October 07, 2011 01:04AM

Thanks a bunch for the macro. What a setback for the security and privacy communities! And most astonishing of all, how many months/years will it take for most if not all servers to be updated? Here we are downgraded to 128 bit encryption, non-Rijndael (sp?). Using Internet is like holding water in a wicker basket. :-)

Re: TSL 1.2
Posted by: guenter
Date: October 08, 2011 04:35AM

Quote
jmillar
how many months/years will it take for most if not all servers to be updated?

Using Internet is like holding water in a wicker basket. :-)

1.) Forever? :(

Unless server resources become much cheaper it will take long.

2.) Well said. :D



Edited 1 time(s). Last edit at 10/08/2011 04:37AM by guenter.
